Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.hackgate.io/llms.txt

Use this file to discover all available pages before exploring further.

This guide walks you through setting up your first HackGATE — from creating a proxy for your web application to inviting researchers and monitoring their activity.
You need a Hackrate account and an organization created before following these steps. Sign in at admin.hackgate.io.
1

Sign in and get your token

Log in to admin.hackgate.io. Your session JWT is automatically used by the admin dashboard. For API access, copy your Bearer token from your account settings and include it in every request:
Authorization: Bearer <your-jwt-token>
2

Create a HackGATE

In the dashboard, click New HackGATE and enter your application’s URL (e.g. https://www.example.com).Or create one via the API:
curl -X POST https://admin.hackgate.io/api/sites \
  -H "Authorization: Bearer <your-token>" \
  -H "Content-Type: application/json" \
  -d '{"originName": "https://www.example.com"}'
The response includes the hackgatedName (e.g. example-yourorg.hackgate.net). Share this URL with researchers instead of your real origin.
3

Configure access

By default, any authenticated researcher can access your HackGATE. To restrict access to a specific list, set allowedHackerType to true:
curl -X POST https://admin.hackgate.io/api/sites/allowedHackerType \
  -H "Authorization: Bearer <your-token>" \
  -H "Content-Type: application/json" \
  -d '{"id": "<site-id>", "allowedHackerType": true}'
Once enabled, only researchers on your allowlist can access the HackGATE.
4

Add researchers

Add researchers to your allowlist by email address:
curl -X POST https://admin.hackgate.io/api/sites/addHacker \
  -H "Authorization: Bearer <your-token>" \
  -H "Content-Type: application/json" \
  -d '{"siteId": "<site-id>", "email": "researcher@example.com"}'
Repeat for each researcher you want to grant access.
5

Monitor traffic

Once your HackGATE is active, go to the Analytics section in the dashboard to see requests per researcher, paths discovered, and WAF events.
After creating a HackGATE, deployment takes a few minutes. You’ll receive an email confirmation when your instance is live.
The origin URL must be in FQDN format (e.g. https://www.example.com). Do not include query parameters.
Last modified on May 9, 2026